[Bug 2084104] Re: UEFI GRUB2 enforces NX even with a non-NX shim

Mate Kukri 2084104 at bugs.launchpad.net
Thu Oct 10 15:02:36 UTC 2024


I've also found a machine I own that reproduces this... Looking into the
root cause currently

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/2084104

Title:
  UEFI GRUB2 enforces NX even with a non-NX shim

Status in grub2 package in Ubuntu:
  In Progress

Bug description:
  Please also see final comments on
  https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2078307, this
  whole thing started there.

  There are two known affected machines currently, one is confirmed to
  correctly be running the non-NX shim and 2.12-5ubuntu5 GRUB.

  Despite this, the GRUB on these machines decides to always enforce NX,
  likely because the MokPolicy variable is not being exported exactly as
  GRUB expects.

  This happens with both Secure Boot enabled and disabled.

  I have a suspicion that some of the attribute checks in this function
  are not behaving as expected on these firmwares:
  https://git.launchpad.net/~ubuntu-uefi-team/grub/+git/ubuntu/tree/debian/patches/nx/efi-Disallow-fallback-to-legacy-Linux-loader-when-shim-sa.patch#n22

  The only obvious impact right now is Windows chainloading from GRUB on
  specific affected machines.
